When regulators ask, “Who is accountable for cyber security in your organisation?” can you answer with confidence?
The Accountability Gap
Most Australian organisations have cyber security controls in place. But when something goes wrong, accountability is unclear.
Is it IT? Compliance? A third-party provider? The Board?
That ambiguity is a liability. Recent enforcement actions show regulators are no longer accepting “we thought IT had it covered” as a defence.
Recent Examples:
- Australian Clinical Labs (2024) — $5 million penalty for failing to protect 223,000 patient records
- FIIG Securities (2024) — $2.2 million penalty for poor access controls exposing client data
- Fortnum Private Wealth (ongoing) — ASIC alleges failure to implement “reasonable steps” despite knowing the risks
The common thread? Governance failures, not just technical ones.
Why This Matters for Directors
Under the Privacy Act 1988 and recent amendments, organisations must take reasonable steps to protect personal information.
Courts and regulators now expect:
- Board-level oversight of cyber risk
- Documented policies and regular reviews
- Third-party risk management
- Tested incident response plans
- Evidence of action, not just intent
The risk isn’t just financial penalties. It’s personal liability, reputational damage, and loss of stakeholder trust.
How We Help: Start with a Guided Cyber Security Self-Assessment
Before committing to a formal audit, many organisations benefit from a structured, consultative assessment that engages both leadership and IT.
Our Guided Cyber Security Self-Assessment is aligned with ISO 27001, CIS Controls, the Essential Eight, and Australian privacy obligations.
What You Get:
- Executive summary for Directors and senior leadership
- Detailed technical report for IT with a cyber maturity snapshot
- 180-day roadmap and action plan
- Structured workshop to deliver findings and recommendations
Need ongoing assurance?
We also provide fully managed cyber security services including vCISO, MXDR, SOC, and Board-level reporting.
What Makes Us Different
We embed, not just advise.
Our team works collaboratively alongside yours, including your IT team and third-party providers, to understand your operations, culture, and unique risks. We protect your organisation like we’re protecting our own.
We provide evidence, not just advice.
Policies, assessments, Board reports, incident response plans, all documented, audit-ready, and tailored to your organisation. You can use our reporting in Board papers, client questionnaires, insurance renewals, and due diligence processes.
We’re Australian-owned and operated.
Our training, frameworks, and services are built for Australian organisations, aligned with local legislation, regulatory expectations, and business realities.
Take the Next Step
Request a Guided Cyber Security Self-Assessment
A structured, consultative assessment that engages leadership and IT to identify your company’s risks, prioritise actions, and build a detailed remediation roadmap.
Investment: Starts from $7,500 (ex GST)
Or book a confidential 20-minute discussion with one of our vCISOs to discuss your current governance structure and how to demonstrate “reasonable steps” to regulators.